xslate / p5-Text-Xslate

Scalable template engine for Perl5

Home Page: https://metacpan.org/release/Text-Xslate

severe xslate bug when use xslate to process. (Kill the whole perl)

xinminglai opened this issue · comments

Hi, I think I have met a severe bug in xslate. This bug makes perl hit a segmentation fault.
When this is used within Catalyst, it'll stop Catalyst from serving requests.
Please check. Thanks.

#!/usr/bin/env perl
use strict;
use warnings;
use Text::Xslate;

my $base = <<'EOF';
: if 0 {
   : my $var = [ ];
: }
: for ['default'] -> $t {
: }
: block content -> { }
Good
EOF

my $xslate1 = Text::Xslate->new(
    path => {
       'base.tx' => $base,
       'page.tx' => q{: cascade "base.tx"},
    },
    warn_handler => sub { die @_ },
);
my $res1 = $xslate1->render('page.tx', { });
# This print should output a string containing "Good", but it doesn't.
print $res1;

# Now, if we extract base.tx and page.tx into separate files, we'll
# have a more severe problem.
my $xslate2 = Text::Xslate->new(
    path => ['.'],
    warn_handler => sub { die @_ },
);
my $res2 = $xslate2->render('page.tx', { });
# This print should return the same result as above, but the process terminates.
print $res2;

Sorry for the late reply. sv_mortalcopy(NULL) causes a segmentation fault with your test. I confirmed your issue is fixed by the following patch and all tests pass.

diff --git a/src/Text-Xslate.xs b/src/Text-Xslate.xs
index f1e60af..2d30e53 100644
--- a/src/Text-Xslate.xs
+++ b/src/Text-Xslate.xs
@@ -874,9 +874,13 @@ tx_macro_enter(pTHX_ tx_state_t* const txst, AV* const macro, tx_pc_t const reta
         for(NOOP; i < outer; i++) {
             IV const real_ix = i + TXframe_START_LVAR;
             /* XXX: macros can refer to unallocated lvars */
-            SV* const sv = AvFILLp(oframe) >= real_ix
-                ? sv_mortalcopy(AvARRAY(oframe)[real_ix])
-                : &PL_sv_undef;
+            SV* sv;
+            SV* v = AvARRAY(oframe)[real_ix];
+            if (AvFILLp(oframe) >= real_ix && v) {
+                 sv = sv_mortalcopy(v);
+            } else {
+                 sv = &PL_sv_undef;
+            }
             av_store(cframe, real_ix , sv);
             SvREFCNT_inc_simple_void_NN(sv);
         }
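
Review bot: The added `SV* v = AvARRAY(oframe)[real_ix];` reads the slot before the `AvFILLp(oframe) >= real_ix` test runs, so for the "unallocated lvars" case named in the XXX comment the code now indexes past the filled part of `oframe`, which the removed ternary never did. Keep the NULL check but do the read only after the bounds test, for example `SV* const v = AvFILLp(oframe) >= real_ix ? AvARRAY(oframe)[real_ix] : NULL;` followed by `sv = v ? sv_mortalcopy(v) : &PL_sv_undef;`. The two assignments inside the new `if`/`else` are also indented one space deeper than the surrounding block.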

I have fixed the segmentation fault issue at #159. Please check the latest version. If you have no problems, then I will release a new version to CPAN.

Hi,

We recently encountered this bug, and I can confirm that this patch fixes it. Thanks.

New version is released.